Identifying phishing websites using DOM characteristics

Abstract

Embodiments of the present invention are directed to identifying phishing websites by rendering and analyzing document object model (DOM) objects associated with a website for features that indicate phishing behavior. Embodiments analyze the full scope and functionality associated with a website by executing functions embedded in a DOM object before analyzing the website for phishing activity. Accordingly, embodiments render and analyze a fully executed DOM object for phishing behavior. Embodiments may then perform steps to mediate a website that is classified as performing phishing. Thus, embodiments are configured to (1) collect website information from a variety of websites and web servers connected to the internet, (2) analyze the collected data to determine whether the website information is performing phishing, and (3) mediate websites and other actors that are determined to be performing phishing based on the results of the phishing analysis.

Description

CROSS-REFERENCES TO RELATED APPLICATIONS[0001]This application is a non-provisional of and claims the benefit of priority to U.S. Provisional Application No. 62 / 219,623 filed Sep. 16, 2015, which is hereby incorporated by reference in its entirety for all purposes.[0002]This application is related to U.S. Non-provisional application Ser. No. 14 / 938,814, titled “USING HASH SIGNATURES OF DOM OBJECTS TO IDENTIFY WEBSITE SIMILARITY,” which was filed on Nov. 11, 2015, and which is a non-provisional application of and claims the benefit of priority to U.S. Provisional Application No. 62 / 219,624 filed Sep. 16, 2015. Both of the above-referenced applications are hereby incorporated by reference in their entirety for all purposes.BACKGROUND[0003]As people use the internet for more sensitive activities including managing banking accounts, health information, and pretty much every other facet of a person's life, the incidence of phishing attacks has increased. A phishing attack is a type of fr...

AI Technical Summary

Benefits of technology

This approach provides more effective and accurate detection of phishing websites by analyzing fully executed DOM objects, capable of identifying both obfuscated and dynamic phishing schemes that evade traditional detection methods, thereby enhancing the recognition and mitigation of phishing threats across the internet.

Problems solved by technology

As people use the internet for more sensitive activities including managing banking accounts, health information, and pretty much every other facet of a person's life, the incidence of phishing attacks has increased.

The operator of the phishing website may then use the sensitive information to initiate fraudulent transactions or may sell the sensitive information to others that use the information to initiate fraudulent transactions.

Thus, phishing website operators may hack into a website, implement one of the kits, and start receiving sensitive consumer information from consumers that happen across the website and are tricked into believing the website is legitimate.

However, the use of static website information is limited in its accuracy and abilities to identify phishing.

Additionally, many characteristics that identify phishing behavior cannot be observed through static website information.

Images